[Touch-packages] [Bug 1758449] Re: skype snap does not work when home directory is not located in /home

2018-03-26 Thread Jamie Strandboge
*** This bug is a duplicate of bug 1620771 ***
https://bugs.launchpad.net/bugs/1620771

This is a known issue. Please see:
 * https://forum.snapcraft.io/t/how-can-i-use-snap-when-i-dont-use-home-user/3352
 * https://bugs.launchpad.net/snapcraft/+bug/1620771

** Package changed: apparmor (Ubuntu) => snapd (Ubuntu)

** Changed in: snapd (Ubuntu)
   Status: New => Confirmed

** This bug has been marked a duplicate of bug 1620771
   when /home is somewhere else, snaps don't work

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1758449

Title:
  skype snap does not work when home directory is not located in /home

Status in snapd package in Ubuntu:
  Confirmed

Bug description:
  Hi

  similar to this bug around libreoffice
  (https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1751005),
  apparmor makes the skype snap not work without any information except
  this:

  cannot create user data directory: /data/home/georges/snap/skype/23: Permission denied

  despite the directory being writeable.

  It would really be advisable to make apparmor specific errors, else
  end-users will never determine where the error comes from.

  The error is here:
  Mar 23 22:35:08 breeze kernel: [6580445.024083] audit: type=1400 audit(1521840908.018:6807): apparmor="DENIED" operation="open" profile="/snap/core/4206/usr/lib/snapd/snap-confine" name="/data/" pid=7213 comm="snap-confine" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0

  I tried to remove the problem like this:
  sudo apparmor_parser -R /etc/apparmor.d/snap.core.4206.usr.lib.snapd.snap-confine

  Which gives a new issue
  $ skype
  snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks

  ProblemType: Bug
  DistroRelease: Ubuntu 17.10
  Package: apparmor 2.11.0-2ubuntu17
  ProcVersionSignature: Ubuntu 4.10.0-42.46-generic 4.10.17
  Uname: Linux 4.10.0-42-generic x86_64
  ApportVersion: 2.20.7-0ubuntu3.7
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Fri Mar 23 22:38:16 2018
  InstallationDate: Installed on 2017-09-20 (184 days ago)
  InstallationMedia: Xubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
  JournalErrors:
   Error: command ['journalctl', '-b', '--priority=warning', '--lines=1000'] failed with exit code 1: Hint: You are currently not seeing messages from other users and the system.
     Users in the 'systemd-journal' group can see all messages. Pass -q to turn off this notice.
   No journal files were opened due to insufficient permissions.
  ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.10.0-42-generic.efi.signed root=/dev/mapper/xubuntu--vg-root ro quiet splash vt.handoff=7
  SourcePackage: apparmor
  UpgradeStatus: Upgraded to artful on 2018-01-31 (50 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1758449/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1758449] Re: skype snap does not work when home directory is not located in /home

2018-03-24 Thread Georges
I did the HOMEDIRS thing, still not working

$ cat /etc/apparmor.d/tunables/home.d/my-homes
# set to parent directory of your user's directories. Eg, if user's dir is /foo/bar/USER,
# set this to /foo/bar/
@{HOMEDIRS}+=/data/home/

$ sudo service apparmor reload
$ skype
2018/03/24 14:01:56.276095 cmd_run.go:343: WARNING: XAUTHORITY environment value is not a clean path: "/data/home/georges/.Xauthority"
cannot create user data directory: /data/home/georges/snap/skype/23: Permission denied

$ sudo tail -2 /var/log/syslog
Mar 24 14:00:13 breeze anacron[30046]: Normal exit (0 jobs run)
Mar 24 14:01:56 breeze kernel: [6636053.148494] audit: type=1400 audit(1521896516.286:6903): apparmor="DENIED" operation="open" profile="/snap/core/4206/usr/lib/snapd/snap-confine" name="/data/" pid=30123 comm="snap-confine" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0


I would like to add /data/home to
/etc/apparmor.d/snap.core.4206.usr.lib.snapd.snap-confine but it's
incomprehensible to me.


Status in apparmor package in Ubuntu:
  New


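An added example (not part of the thread, and not AppArmor or snapd code): a small Python parser for the `apparmor="DENIED"` audit line and the `@{HOMEDIRS}` tunable quoted in the message above, reporting whether the denied path lies under any `@{HOMEDIRS}` entry. The embedded sample text is reconstructed from that message, the stock `/home/` default is an assumption, and the check only compares path prefixes without reading the snap-confine profile.

```python
import re

# Constructed sample input, reproduced from the syslog tail and tunables file quoted above.
SYSLOG = '''Mar 24 14:00:13 breeze anacron[30046]: Normal exit (0 jobs run)
Mar 24 14:01:56 breeze kernel: [6636053.148494] audit: type=1400 audit(1521896516.286:6903): apparmor="DENIED" operation="open" profile="/snap/core/4206/usr/lib/snapd/snap-confine" name="/data/" pid=30123 comm="snap-confine" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
'''
TUNABLE = '''# set this to /foo/bar/
@{HOMEDIRS}+=/data/home/
'''

# key=value pairs; values are either double-quoted or a bare token.
KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
HOMEDIRS_LINE = re.compile(r'\s*@\{HOMEDIRS\}\s*(\+?=)\s*(.*)')


def parse_denials(text):
    """Return one dict of audit fields per apparmor="DENIED" line."""
    denials = []
    for line in text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        denials.append({k: v.strip('"') for k, v in KV.findall(line)})
    return denials


def parse_homedirs(text, base=("/home/",)):
    """Collect @{HOMEDIRS} values; '+=' appends, '=' replaces.
    base is the assumed stock default, not read from the system."""
    dirs = list(base)
    for line in text.splitlines():
        m = HOMEDIRS_LINE.match(line)
        if not m:
            continue  # comments and unrelated lines
        values = m.group(2).split('#')[0].split()
        dirs = dirs + values if m.group(1) == '+=' else values
    return dirs


def report(syslog=SYSLOG, tunable=TUNABLE):
    """Summarise each denial and whether its path is under a HOMEDIRS entry."""
    homedirs = parse_homedirs(tunable)
    return [{
        "profile": d.get("profile"),
        "path": d.get("name", ""),
        "denied": d.get("denied_mask"),
        "under_homedirs": any(d.get("name", "").startswith(h) for h in homedirs),
    } for d in parse_denials(syslog)]


if __name__ == "__main__":
    for row in report():
        print(row)
```

For the quoted log the denied path is `/data/`, the parent of the added `/data/home/` entry, so `under_homedirs` is false.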

[Touch-packages] [Bug 1758449] Re: skype snap does not work when home directory is not located in /home

2018-03-23 Thread Christian Boltz
Just as a quick info - to get things working with non-default home
directory locations, edit /etc/apparmor.d/tunables/home (or add a file
to /etc/apparmor.d/tunables/home.d/) and add your custom path
("/data/home/") to the @{HOMEDIRS} variable.

I'm not sure why read access to /data/ was requested (do you have
something besides the home directory in /data/ that could be needed by
snap or skype?) and if it is really needed, therefore I'd recommend
re-checking whether this denial still happens after adjusting @{HOMEDIRS}.


Status in apparmor package in Ubuntu:
  New
